Skip to content

Categories:

France and Germany Suggest People Stop Using Internet Explorer; Microsoft Urges Users to Upgrade

After it was revealed that cyber attacks targeting Google and other businesses were exploiting a previously unknown vulnerability in Internet Explorer 6, 7 and 8, the German Federal Office for Information Security recommended that IE users to switch to an alternative browser until Microsoft patches the vulnerability. Today, the French government, through a statement released by CERTA, has also suggested that people use another browser for the time being.

Microsoft has stated that while all three versions of Internet Explorer are vulnerable, changes in IE7, IE8, Windows XP with Service Pack 3, Windows Vista and Windows 7 mitigate the risk. The changes that make these versions of IE and Windows less vulnerable to the exploit are outlined in the table below:

ievulnerabilitytable.png

People using Windows Vista or Windows 7 are less vulnerable because those operating systems come with IE8 pre-installed and include other security measures, leaving only Windows XP users that have not updated to Service Pack 3 prone to the exploit. Microsoft does, however, state that this information is based only on the attacks that they have witnessed thus far and from the samples of the exploit code that have been made public today. It has recommended that IE6 users on Windows XP upgrade to a newer version of IE and enable DEP, and also that Windows XP users upgrade to a newer version of Windows.

Technical details about the exploit can be found on Microsoft’s Security Research & Defense blog.

Internet Explorer 6 still commands between 11 percent (according to W3Counter) to 21 percent (according to Net Applications) of the global browser market despite being superseded by IE7 in 2006. The browser’s lack of modern security features has made it the frequent target of malware. Its prevalence has also forced web developers to ensure that their websites can be viewed correctly with IE6, which does not comply with newer web standards. In 2009, the IE6 No More campaign attracted 72 websites, including several high-profile ones, that agreed to display a notice for visitors using IE6 that urged them to upgrade to a modern browser. However, the death of IE6 is still far away and Microsoft will need to issue a speedy patch to fix the vulnerability.

[Table from Security Research & Defense]

Posted in Tech.

Tagged with , .


0 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.



Some HTML is OK

or, reply to this post via trackback.